g****n (posts: 13) | #1
Hi there,
The root of my Linux box kept receiving an email recently.
From: Mail Delivery Subsystem
To: apache@myaddress
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
This is an email sent to a wrong address. But the content of this email is
amazing.
From: Apache
To: c********[email protected]
Subject: [MY IP Address]
In the content, it lists all the hardware information of my computer,
including CPU types, netcard types and

p******f (posts: 162) | #2
Yes it is a worm, which has invaded your box through a bug in the Apache SSL
module. You should be able to find some .vinik* files under /tmp, which
tell you what the worm could have done in your system. The worm might
have already gotten the privilege of your apache user, and tries to replace
some of your executables with its code, and also puts its copy in some
folders which are writable by the apache user; it also tries to put an entry
in the crontab of the apache user.

d***c (posts: 13) | #3
Just found my Mandrake 8.2 was messed up by this same worm today.
Check your /tmp; there was a whole bunch of hole, rooting, IRC stuff
sitting on my machine. Check your system log files to see if they still
exist. Mine were all deleted. Check the history of the apache user. It was
the only thing by which I could trace out what the intruder did to the system.
The email seemed to be generated by a script named .cinik.??? under /tmp.
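
The checks the two replies describe (files under /tmp, the apache user's crontab, files that account owns, its shell history), collected into a read-only triage script. This is an added example, not part of any post in the thread; the account name `apache`, the `/var/tmp` path, the `RUN_TRIAGE` switch and the function names are assumptions, and the file-name patterns are the two quoted in the replies.

```shell
#!/bin/sh
# Added triage sketch, not from the thread. Read-only: it lists, never deletes.
# Assumptions: web server account is "apache"; dropped files match the two
# name patterns quoted in the replies (.vinik* and .cinik*).

# List files matching the quoted patterns under a directory (default /tmp).
find_dropped_files() {
    dir=${1:-/tmp}
    find "$dir" -maxdepth 2 \( -name '.vinik*' -o -name '.cinik*' \) 2>/dev/null | sort
}

# List regular files under a directory owned by an account (name or uid).
# Anything the web server account left in a temp directory deserves a look.
owned_by_user() {
    dir=$1; owner=$2
    find "$dir" -xdev -type f -user "$owner" 2>/dev/null | sort
}

# Read crontab text on stdin; print non-comment entries that run something
# from /tmp or mention the quoted file names.
suspicious_cron_lines() {
    grep -v '^[[:space:]]*#' | grep -E '/tmp/|\.vinik|\.cinik' || true
}

# Run every check for one account. Needs root to read another user's crontab.
triage() {
    acct=${1:-apache}
    echo "== files matching .vinik* / .cinik* under /tmp =="
    find_dropped_files /tmp
    echo "== files owned by $acct in /tmp and /var/tmp =="
    owned_by_user /tmp "$acct"
    owned_by_user /var/tmp "$acct"
    echo "== suspicious crontab entries for $acct =="
    crontab -l -u "$acct" 2>/dev/null | suspicious_cron_lines
    echo "== shell history for $acct =="
    home=$(getent passwd "$acct" | cut -d: -f6)
    if [ -n "$home" ] && [ -r "$home/.bash_history" ]; then
        cat "$home/.bash_history"
    else
        echo "(no readable history file)"
    fi
}

# Set RUN_TRIAGE=1 in the environment to run all checks as a script.
if [ "${RUN_TRIAGE:-0}" = 1 ]; then triage "${1:-apache}"; fi
```

Save the output somewhere off the machine before cleaning anything up, since one reply reports that the system logs had already been deleted.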